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(54) Secure self-learning 

(57) A secure learning system for use in the re- 
mote control of security devices. A microchip 
encoder (10) transmits a signal which controls 
key generation information derived from a seed, 
a serial number and the operation of an 
algorithm and a key on an input value. A micro- 
chip decoder (12) receives the signal and ext- 
racts the key generation information which Is 
then used as a second key, or to generate a 
second key, optionally with the use of a man- 
ufacturer's key which, itself, may be modified. 
The second key is used for decoding signals in 
normal operation of the system. By storing a 
number of parameter sets at the encoder and at 
the decoder, the encoder can function as any 
one of a number of different virtual encoders, 
and the decoder can respond thereto. 
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BACKGROUND OF THE INVENTION 

This invention relates generally to the remote 
control of devices and to security systems and, more 
particularly, to a secure learning system and method. 

The remote control of systems or devices via ul- 
trasonic, radio frequency or infra red transducers is 
popular for many applications, including security sys- 
tems for buildings and vehicles, and remote control- 
led garage door and gate openers. 

Certain unidirectional transmission systems cur- 
rently in use have two very important security short- 
comings: 

(a) the codes they transmit are usually fixed; and 

(b) the number of possible code combinations is 
relatively small. 

Either of these shortcomings can lead to 
unauthorised access. 

The limited number of possible combinations 
available in most remote control systems makes it 
possible to transmit all possible combinations in a rel- 
atively short time. A hand held microprocessor- based 
system for this purpose (called a code scanner) can 
easily be constructed. 

In systems using eight DIP switches (256 combin- 
ations), this scanning process can typically be ac- 
complished in less than 32 seconds, when trying 
eight combinations per second. Even in systems us- 
ing 16 bit keys, yielding 65 536 combinations, only 2% 
hours would be required to try all possible combina- 
tions. It should also be noted that the scanner may 
gain access in far less than this maximum time - the 
average time would in fact be half of the total time. 

An easier way of gaining unauthorised access to 
a security system is freely available. A unit of this type 
is advertised as a tool for the "legal repossession of 
vehicles". 

A remote control transmitter of the type normally 
used in vehicle security and remote control systems 
includes a small radio transmitter that transmits a 
code number on a specif ic frequency. This code num- 
ber is normally generated by an integrated circuit en- 
coder. The transmission frequency is usually fixed by 
legislation within a particular country. Thus it is pos- 
sible to build a receiver that can receive signals from 
all such transmitters and to use this together with a 
circuit which records the transmissions captured by 
the receiver. Such a device is known as a code or key 
grabber and can be used to gain access to protected 
premises or to vehicles with remote control security 
systems. 

Code hopping and rolling code systems are cur- 
rently available to overcome the limitations of fixed 
code systems (refer to ZA Patent No.91/4063 and US 
Patent No.5, 103,221). The specifications of these pa- 
tents describe transmitters which use algorithms to 
generate a different transmission each time the 
transmitter is activated. When a code is received and 



decoded, a decoder responds only if a valid transmis- 
sion was made. In some cases (refer to ZA Patent 
No.91/4063) a special algorithm is used with a stored 
key to decode an encoded reception. The decoded 

5 value is then compared to a stored value to determine 
if the transmission is legitimate or not 

A disadvantage of code hopping and rolling code 
systems is the fact that it is difficult to replace or dis- 
able lost, stolen or unserviceable transmitters. Exter- 

10 nal equipment is used by a manufacturer or dealer to 
reprogram and replace a transmitter. An additional 
security problem may be created during this process. 

Ideally a security system should not require deal- 
er intervention when a user needs to add a new trans- 

15 mitter to the system or replace a transmitter. The user 
should be able to buy a generic replacement transmit- 
ter off the shelf and add this transmitter unassisted 
when convenient. Learning systems provide this ca- 
pability, in that the decoder can "learn" the newtrans- 

20 miner's identity without having to be reprogrammed 
from outside using special equipment. 

A learning system should however not only en- 
able a user to add a new transmitter to the system, but 
should also have a means of excluding a previous 

25 transmitter from the system, due to the possibility of 
such a transmitter falling into the wrong hands. 

In learning fixed code systems, the incoming 
code is stored for future reference by the decoder 
when it is in a learning mode. Subsequent transmis- 

30 sions are compared with the learned code. Different 
arrangements to learn new transmitter codes are 
used. A switch can be used to set the decoder either 
in a normal operation mode or in a learning mode (US 
Patents Nos.4,750,118 and 4,912,463). In the learn- 

35 ing mode, the decoder can learn new valid codes from 
a transmitter. Similar means is used (refer to US Pa- 
tents Nos.4,931,789 and 5,049,867) to program the 
decoders to react to a new transmitter code. In an- 
other invention (refer to US Patent No.5,148,159), a 

40 randomly selected f ixed code is generated by the de- 
coder and programmed into the associated transmit- 
ter. US Patent No.4,855,713 describes the use of a 
hand-held programmer to program the new fixed 
code to be recognised by the decoder. In all of these 

45 cases, the transmitted or programmed codes are 
fixed stored codes. Security threats by means of code 
grabbing or code generation still exist irrespective of 
the learning mechanisms employed. 

Reference should also be made to the specif ica- 

50 tions of the following U.S.A. patents Nos: Re 29,525; 
4,380,762; 4,385,296; 4,426,637; 4,529,980; 
4,535,333; 4,574,247; 4,590,470; 4,596,985; 
4,638,433; 4,652,860; 4,686,529; 4,737,770; 
4,779,090; 4,835,407; 4,847,614; 4,855,713; 

55 4,878,052; 4,890,108; 4,928,098; 4,951,029; 
4,988,992; 5,049,867; 5,055,701. 



2 



# 

3 



EP0 688 929 A2 



4 



SUMMARY OF THE INVENTION 

The invention provides, in the first instance, a 
method of operating an encoder which includes the 
steps of : 

storing a serial number; 

storing at least one of the following: 

a seed; 

a key; and 

a derivative of the key; and 
transferring key generation information which in- 
cludes at least one of the following: 

the seed; 

the key; 

the derivative of the key; 
the serial number; and 

information derived from applying the key or 
the derivative of the key and an algorithm to an input 
value. 

The key may be generated using at least one of 
the following: 

a manufacturer's key; 
the key; 

the derivative of the key; 

the seed; and 

the serial number. 
The input value may include information including 
at least one of the following: 

a management code; 

a counter value; and 

information relating to a command. 
In one embodiment the method includes the 
steps of: storing a plurality of parameter sets, each 
parameter set including at least one of the following: 

a respective serial number; 

a respective seed; 

a respective key; and 

respective information derived from applying 
the said respective key and the algorithm to a respec- 
tive input value; 
selecting a parameter set; and 
transferring the respective key generation informa- 
tion for the selected parameter set. 

Each respective input value may include at least 
one of the following: 

a respective management code; 

a respective counter value; and 

information relating to a command. 
The encoder may also include provisions for dis- 
abling the transmission of the key generation infor- 
mation. This facility is useful to prevent an outsider 
from obtaining the key generation information after 
the transmitter has been learned by a decoder. The 
transmission of key generation information can be 
permanently disabled by a conscious action by the 
user, or by an automatic process, e.g. when the en- 
coder has been used a predetermined number of 
times. In the former case manual action can be taken 



by using a programming action or a specific combin- 
ation of inputs. 

The invention also extends to a method of oper- 
ating a decoder which includes the steps of receiving 
5 a signal which contains key generation information; 
and extracting key generation information from the 
received signal. 

The key generation information may include at 
least one of the following: 
10 a seed; 

a serial number; and 

encoded information derived from applying a 
first key and an algorithm to an input value. 

The method may include the step of storing at 
15 least one of: 

the second key; 

the key generation information; and 
the serial number. 
In one embodiment the received signal includes 
20 the encoded information and the method includes the 
steps of: 

decoding the encoded information using a decoding 
algorithm and a previously generated second key to 
obtain a decoded input value which includes informa- 
25 tion selected at least from: 
a management code; 
a counter value; and 
information relating to a command; and 
storing the decoded input value. 
30 The method may include the steps of: 

storing a plurality of parameter sets, each parameter 
set including information selected at least from: 
a respective serial number, 
a respective management code; and 
35 a respective counter value. 

In a further embodiment, the key generation in- 
formation includes a portion that may be used in the 
decoder to modify or augment the stored manufactur- 
er's key during learning. The original or modified 
40 manufacturer's key may be used for generating the 
second key. 

The invention further extends to a method of op- 
erating an access control system which includes an 
encoder and a decoder, the method including the 
45 steps of: 

storing a serial number; 
storing at least one of the following: 
a seed; 

a first key; and 
so a derivative of the first key; and 

using the encoder to transfer a signal which includes 
key generation information which includes at least 
one of: 

the seed; 
55 the serial number; and 

information derived from applying the first key 
of the derivative of the first key and an algorithm to 
an input value; and, at the decoder, receiving the 
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transferred signal; and 

extracting the key generation information from the re- 
ceived signal. 

The first key may be generated using a manufac- 
turer's key and at least one of the following: 
the said seed; and 
the said serial number. 

During learning, the key generation information 
may be used to modify or augment the manufactur- 
er's key stored in the decoder. Alternatively, a decod- 
er may not have a manufacturer's key at all, and may 
derive the decoding key solely from the key genera- 
tion information transmitted by the encoder, or use 
that key generation information directly as a decoding 
key. 

The second key or the key generation information 
may be stored. In the former case, the method in- 
cludes the steps of: 

activating the encoder with a command; 
encoding at least an input value using the first key and 
an algorithm to form an encoded part, the input value 
including information selected at least from: 
a counter value; 
a management code; and 
information relating to the command; 
using the encoder to transfer a signal which is formed 
from at least the serial number and the encoded part; 
and, at the decoder, 
receiving the transferred signal; and 
using the second key and a decoding algorithm to de- 
code the said encoded part in the transferred signal 
to obtain the said input value. 

In the latter case the method includes the steps 

of: 

activating the encoder with a command; 
encod ing at least an input value using the first key and 
an algorithm to form an encoded part, the input value 
including formation selected at least from: 

a counter value; 

a management code; and 

information relating to the command; 
using the encoder to transfer a signal which is formed 
from at least the serial number and the encoded part; 
and, at the decoder, 
receiving the transferred signal; and 
using the key generation information and a decoding 
algorithm to decode the said encoded part in the 
transferred signal to obtain the said input value. 
The method may further include the steps of: 

using a plurality of encoders; 

activating a selected encoder using a com- 
mand; 

transferring a signal which contains the key 
generation information associated with the selected 
encoder; and 

at the decoder, storing a plurality of parameter sets, 
each parameter set being associated with a respec- 
tive encoder and including information selected at 



least from: 

a respective serial number; 
a respective management code; and 
a respective counter value; 
s receiving the said transferred signal, and 

generating a respective second key, associated with 
a selected parameter set, using the manufacturer's 
key and the key generation information contained in 
the said transferred signal. 
10 Preferably the encoder and the decoder are each 

formed in a respective microchip. 

The invention also provides an encoder which in- 
cludes: 

means for etoring serial number; 
15 means for storing at least one of the following: 
a seed; 
a key; and 

a derivative of the key; and 
means for transferring key generation information 
20 which includes at least one of the following: 
the seed; 
the key; 

the derivative of the key; 

the serial number; and 
25 information derived from applying the key or 

the derivative of the key and an algorithm to an input 
value. 

The invention also extends to a decoder which in- 
cludes means for receiving a signal which contains 
30 key generation information; and means for extracting 
key generation information from the received signal. 

The key generation information may include at 
least one of the following: 
a seed; 
35 a first key; 

a derivative of the first key; 
a serial number; and 

encoded information derived from applying the 
first key or the derivative of the first key and an algo- 
40 rithm to an input value. 

The decoder may include means for generating a 
second key using at least the key generation informa- 
tion. The second key may be the key generation in- 
formation. 

45 Means may be provided for storing at least one of: 

the second key; 

the key generation information; and 
the serial number. 
The decoder may include means for storing a 
50 manufacturer's key and means for generating the 
said second key using at least the said key generation 
information and the manufacturer's key. 

The decoder may include means for storing a 
plurality of parameter sets, each respective parame- 
55 ter set including at least one of the following: 
a respective serial number; 
a respective seed; 
a respective key; and 
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a respective derived key. 
During learning, the key generation information 
may be used to modify or augment the manufactur- 
er's key stored in the decoder. Alternatively, the de- 
coder may not have a manufacturer's key at all, and 5 
may derive the decoding key solely from the key gen- 
eration information transmitted by the encoder, or use 
that key generation information directly as a decoding 
key. 

The invention further provides an access control w 
system which includes an encoder and a decoder, the 
encoder including: 
means for storing a serial number; 
means for storing at least one of the following: 

a seed; 15 

a first key; and 

a derivative of the first key; and 
means for transferring a signal which includes key 
generation information which includes at least one of 
the following: 20 

the seed; 

the first key; 

the derivative of the first key; 
the serial number; and 

information derived from applying the first key 25 
or the derivative of the first key and an algorithm to 
an input value; 
the decoder including: 

means for receiving the transferred signal; and 

means for extracting the key generation information so 

from the received signal. 

The first key may be generated using a manufac- 
turer's key and at least one of the following: 
the said seed; and 

the said serial number. 35 

The decoder may include means for storing a 
manufacturer's key and the said second key is gen- 
erated using at least the said key generation informa- 
tion and the manufacturer's key. 

It is to be understood that, during learning, the 40 
key generation information may be used to modify or 
augment the manufacturer's key stored in the decod- 
er. Alternatively, the decoder may not have a manu- 
facturer's key at all, and may derive the decoding key 
solely from the key generation information transmit- 45 
ted by the encoder, or use that key generation infor- 
mation directly as a decoding key. 

The system may include means for storing the 
second key or the key generation information. 

In one embodiment the system may include: 50 
means for activating the encoder with a command; 
means for encoding at least an input value using the 
first key and an algorithm to form an encoded part, the 
input value including information selected at least 
from: 55 
a counter value; 
a management code; and 
information relating to the command; 



means for forming a signal, for transfer by the encod- 
er, from at least the serial number and the encoded 
part; 

the decoder including means for using the second key 
and a decoding algorithm to decode the said encoded 
part in the transferred signal, received by the said sig- 
nal receiving means, to obtain the said input value. 

In another embodiment the system may include: 
means for activating the encoder with a command; 
means for encoding at least an input value using the 
first key and an algorithm to form an encoded part, the 
input value including information selected at least 
from: 

a counter value; 
a management code; and 
information relating to the command; 
means for forming a signal, for transfer by the encod- 
er, from at least the serial number and the encoded 
part; 

the decoder including means for using the key gener- 
ation information and a decoding algorithm to decode 
the said encoded part in the transferred signal, re- 
ceived by the said signal receiving means, to obtain 
the said input value. 

The system may include means for storing a plur- 
ality of parameter sets at the encoder, each parame- 
ter set including information selected at least from: 

a respective serial number; 

a respective seed; and 

respective information derived from applying 
the said respective key and the algorithm to a respec- 
tive input value; 

means for selecting a parameter set; 
means for activating the encoder using a command; 
the signal transferring means then transferring a sig- 
nal which contains the key generation information as- 
sociated with a selected parameter set; 
means for storing a plurality of parameter sets at the 
decoder, each parameter set including information 
selected at least from: 

a respective serial number; 

a respective management code; and 

a respective counter value; and 
means for generating a respective second key, asso- 
ciated with a selected parameter set, using the key 
generation information contained in the said transfer- 
red signal. 

The said respective second key may be generat- 
ed using the said key generation information and the 
manufacturer's key. 

Preferably the encoder and the decoder are each 
formed in a respective microchip. 

It is an object of the present invention to provide 
an access control system wherein a transmitter or 
token, such as a so-called "smart card", may be re- 
placed or added to the system by a user without ex- 
ternal equipment and without transferring an encod- 
ing key in clear format i.e. in unencoded form. 
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The access control system may allow for the dis- 
abling, in a decoder, of stolen transmitter codes to 
prevent unauthorized access to the system. 

Another object of the invention is to provide an 
access control system which acts against the use of 
code grabbing or scanning methods. 

The invention is further concerned with an en- 
coder and a decoder for use in an access control sys- 
tem, and with their method of operation. 

During the manufacturing process, encoders are 
programmed with different serial numbers associated 
with a range of decoders. A unique manufacturer's 
key is used together with an algorithm and the serial 
number, to generate and store a user key in a non-vol- 
atile memory of the encoder, together with counter, 
management code and other information. Several 
sets of these parameters can be stored to handle sev- 
eral transmissions (transmit different commands by 
activating different inputs). The manufacturer's key is 
stored in all the manufacturer's decoders. User data 
and control data is also programmed to control the 
different functions that need to be activated by the 
encoder. The same algorithm used to generate the 
user key in the encoder must also be present in the 
decoder. The algorithm may use one or more of, 
amongst others, the serial number, the key genera- 
tion seed and the manufacturer's key, in modified or 
unmodified form, to produce the encoder key. 

In normal operation of an encoder, the key infor- 
mation associated with a parameter set is used to en- 
code the variable counter information, together with 
the encoder management code, serial number and 
other information by making use of a special algo- 
rithm. The information that is encoded will be different 
each time the encoder is activated. This technique is 
referred to as code hopping. Although it is known that 
the counter information changes, the transmission is 
not predictable because of the secret key and algo- 
rithm that encode the information. In an access con- 
trol system, a fixed part denoting the serial number 
may be generated with the code hopping part and to- 
gether form a transmission value that is transmitted 
by a data transfer interface. 

In one embodiment of the invention, an encoder 
learning capability is implemented. This allows a user 
to replace an encoder or add an encoder to be recog- 
nised by a decoder which has a learning mode func- 
tion, selectable by the user. The learning mode func- 
tion can be selected by activating it on the decoder. 
This can be accomplished by using a normal encoder 
and programming the output function to set the de- 
coder in learning mode. This is also known as a mas- 
ter encoder or token. The use of such a master encod- 
er allows for a higher level of security to be achieved. 
The master token may also be used in conjunction 
with input switches. 

In a different embodiment of the invention, it is 
possible for an encoder to encode an external input 



vaJue. This input value replaces the value to be en- 
coded internally by the encoder. A bi-directional com- 
munication arrangement is used in this case. This 
procedure can be used to identify the originality of the 

5 encoder, known as identification friend or foe (IFF), 
for access control and authentication purposes. The 
encoder accepts a challenge value as an input from 
a terminal that forms part of an access control sys- 
tem. This input value is encoded by the encoder using 

10 the encoding function and key to form an encoded 
value. The encoded value is then transferred to the 
decoder that is part of an access control terminal. If 
a legitimate encoder is used, the encoded value will 
correspond with a decoded value calculated by the 

15 decoder and the decoder will enable an external func- 
tion to operate. If it is not a legitimate encoder, the de- 
coded value will not correspond with the value gen- 
erated by the decoder, preventing the required re- 
sponse by the decoder. 

20 The encoder can be used in a token or a trans- 

mitter type device in an access control system. A 
transmitter would generally, on activation, transfer in- 
formation from the encoder output to a receiver sys- 
tem via a transfer medium such as radio (rf), infra red 

25 (ir) or microwave. A token can also designate a trans- 
mitter device, but more generally includes a device in 
which information transfer is done by means of elec- 
trical contacts and conductors. In these physical con- 
tact tokens (or smart cards), information can be trans- 

30 f erred bi-directionally through read and write opera- 
tions. In both cases the invention is directed to the 
transfer of information regarding the encoding or de- 
coding key without possibly exposing the encoding or 
decoding key to the outside world. 

35 Once the learning mode of the decoder is select- 

ed, the data from the new encoder is captured and the 
serial number is first used. By making use of the man- 
ufacturer's master key and the captured encoder ser- 
ial number, a new decoder key is derived with the key 

40 generation algorithm that mustform part of the decod- 
er. The key generation information may be used to 
modify or augment the manufacturer's key before the 
new key is calculated. Alternatively, the decoder may 
not have a manufacturer's key at all, and may derive 

45 the decoding key solely from the key generation infor- 
mation transmitted by the encoder, or use that key 
generation information directly as a decoding key. 
The newly derived key is used to decode the variable 
(encoded) part of the previously captured transmis- 

so sion. Once decoded, it is checked to verify that the 
correct key was generated and used. 

In a different embodiment, a further transmission 
can be required to be decoded. This double transmis- 
sion system can then also check the decoded counter 

55 information to ensure that the generated key is valid. 
The encoder serial number is stored in non-volatile 
memory, and associated with it, the derived decoder 
key, management code, counter and other user infor- 
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mation. The learning is thus verified before it is ac- 
cepted as valid, after which the encoder can be used 
to activate the decoder in normal operation. 

In normal operation, the encoder, when activated 
through electrical inputs, for example by depressing 
a push button switch, or switches, or by any other suit- 
able command means, encodes the counter, button 
and management code information with an algorithm 
and a key. The management code information usually 
consists of information selected from the following 
group: the encoder status, command, identity, tech- 
nology type, time, mode, integrity and user data. It 
may also include time information. This time informa- 
tion may be used to transfer the time that the encod- 
ing event took place or to indicate valid periods or ex- 
piry dates to the decoder system. The user key is as- 
sociated with the serial number that forms part of the 
information that is stored in non-volatile memory. The 
unencoded serial number and the encoded informa- 
tion are transferred by external data transferring 
means. The data transfer can be a transmission by an 
encoder, or the encoder can be activated electrically 
in a specific application to transfer the data. 

The decoder, on receipt of the transmission, de- 
tects the unencoded serial number and encoded part. 
It compares the serial number with the serial numbers 
of the learned encoders stored in its memory. If no 
comparison is found, the transmission is rejected. If 
a matching value is found, the decoder key stored in 
memory associated with the matching serial number 
is used to decode the encoded information with a de- 
coding algorithm. The integrity of the transmission is 
checked to verify that the signal was received and de- 
coded correctly. If this is valid, the counter is checked. 
If valid, the decoder counter information is updated 
and the output function control is activated. If the 
counter is not valid, the transmission is rejected. 

The advantages of the security system are that 
the transmissions always differ without intervention 
from the user and that the learning process is con- 
ducted in a secure fashion. The learning decoder 
must be accessible and available and information re- 
garding the manufacturer's key must be available in 
the decoder. 

In a different embodiment, an even more secure 
learning process is implemented. Using an algorithm 
and a manufacturer's key together with a unique key 
generation seed chosen for each encoder, an encod- 
er key is generated. The key generation seed and 
user key are programmed into every encoder along 
with the encoder serial number and management 
code information. The key generation algorithm and 
manufacturer's key need not reside in any encoder. 
No mathematical link need or should exist between 
encoder serial numbers and key generation seeds. 
When learning a decoder with a new encoder, the en- 
coder is put into learning mode and the key genera- 
tion seed and serial number are transferred to the de- 



coder. The decoder generates a key for this encoder, 
using the manufacturer's key, key generation seed 
and key generation algorithm. As the key generation 
seed is only transmitted during the learning process, 

5 unauthorized access, under normal operation, is not 
possible even if the manufacturer's key is known. 

In a further embodiment of the more secure 
learning process, a unique manufacturer's key for 
each transmitter can be used for the calculation of the 

10 key for that transmitter. All decoders do not therefore 
have to contain a complete manufacturer's key. Dur- 
ing learning, the manufacturer's key related to a par- 
ticular encoder is derived from the key generation in- 
formation received from that encoder. The manufac- 

15 turer's key can be derived by modifying or augment- 
ing a stored complete or partial manufacturer's key, 
or by using the incoming key generation information 
exclusively to determine the manufacturer's key. 
The decoder then calculates the encoder's key, 

20 using the modified or augmented manufacturer's key 
and one or more of the following: the encoder's serial 
number; the same key generation information used 
for the determination of the manufacturer's key; and 
further key generation information obtained from a 

25 further transmission. 

The remainder of the learning procedure is iden- 
tical to the described procedures. 

In yet another embodiment of the more secure 
learning process, the encoder's unique key can be 

30 derived without further stored or secret information, 
but from information transmitted as a learning seed. 
In this embodiment, no manufacturer's key is re- 
quired in the decoder. 

In any or all of these embodiments, the encoder 

35 can be designed to allow transmission of the key gen- 
eration information to be disabled permanently after 
the learning process has been completed. The dis- 
abling action can be executed by a specific input 
command, through a programming action orautomat- 

40 ically. Automatic processes may include counting the 
number of activations of the transmitter and disabling 
transmission of the key generation information after 
one or a predetermined number of activations. 

A verification process is initialised to verify that 

45 the correct key has been generated and that other en- 
coder information has been stored. On completion, 
the encoder is now a valid encoder with correct syn- 
chronisation information. This verification process 
also ensures that transmitters with rogue encoders or 

so transmitters from other manufacturers that do not 
have the correct manufacturer's key cannot be 
learned. 

The use of a key generator seed protects the se- 
curity of the system in the event of unauthorized scan- 
55 ning for the serial number of an encoder. With the 
known serial number, it is very unlikely, but possible, 
that an encoder can be forged if access is gained to 
the manufacturer's equipment and the manufactur- 
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agram form of an encoder and data transfer inter- 
face, and a decoder and data transfer interface, 
in an access control system according to the in- 
vention; 

5 Figure 2 is a block diagram, in greater detail, of 

the encoder of Figure 1 , 

Figure 3 is a block diagram, in greater detail, of 
the decoder of Figure 1 , 

Figures 4a and 4b are flow charts of the operation 
10 of a learning algorithm embodied in the system of 
the invention, and 

Figure 5 is a d ia gram of the storage format of sets 
of parameters used in the encoder and the decod- 
er of the invention. 

15 

DESCRIPTION OF PREFERRED EMBODIMENT 

The invention is described hereinafter firstly in a 
general sense, with reference to Figure 1, in order to 
20 illustrate the principles of the invention and there- 
after, with reference to Figures 2 to 5, in a more de- 
tailed manner which is related to a practical embodi- 
ment of the invention. 

25 Simplified Description 

Figure 1 is a simplified block diagram of a trans- 
mitter comprising an encoder 10 and a data transfer 
interface 11, and a receiver comprising a decoder 12 
30 and a data transfer interface 1 3, used in a code hop- 
ping remote control system. Sophisticated functions 
and multiple encoder/decoder combinations have 
been omitted only for the sake of clarity. 

The invention is primarily concerned with the irrv 
35 plementation of learning in a code hopping system. 
Learning has been implemented in standard fixed 
code systems, but code hopping systems present a 
unique challenge. Information encoded by the encod- 
er cannot be decoded unless one has access to a user 
40 key and the encoded information can consequently 
not be used to transmit the key to the decoder. The 
invention is directed to overcoming this problem. 

The encoder includes a button encoder 14, a 
counter/storage and error correction 16, manage- 
rs ment code storage 1 7, a non-linear encoder 1 8 having 
an encoding algorithm, storage 20 for a key genera- 
tion seed, storage 22 for a user key, storage 24 for a 
serial number associated with the encoder, and a 
pulse width modulated (PWM) code generator 26. 
50 The decoder 1 2 consists of a controller 31 , a for- 



er*s key. If a key generator seed is used, however, the 
key that is stored in the decoder cannot be generated 
without having access to the owner's transmitter or 
token as well. 

After the learning operation has been success- 
fully executed and the decoder has returned to the 
normal operating mode, the encoder can be used to 
activate the decoder in the normal way. This means 
the serial number will again be compared against 
learned systems. Special baud rate compensation 
circuitry can be used during the reception process to 
allow reliable code reception. The stored key associ- 
ated with the encoder serial number is used to decode 
the transmission. The integrity of the received and de- 
coded transmission is checked for validity by compar- 
ing the management code information received and 
decoded from the encoder with the stored informa- 
tion. Asimilar process is carried out on the associated 
counter information. If successful, the counter infor- 
mation is updated and the predetermined output sig- 
nal is selected, resulting in the correct external func- 
tion being activated. 

To prevent an intruder from grabbing key infor- 
mation and compromising a security system, it is de- 
sirable that the key information should not be trans- 
mitted. Code hopping makes it impossible for an in- 
truder to gain unauthorised access to the decoder or 
the learning capability of the decoder by using code 
grabbing or generation, or by initialising an unautho- 
rised code hopping encoder. 

The described system makes use of stored keys 
in the decoder to decode incoming transmissions. An 
alternative arrangement for a learning system is to 
store only the key generation seed, instead of the full 
key, in the decoder's key location. During decoding 
operations, the correct key is generated from a selec- 
tion of the associated seed, serial number and man- 
ufacturer's key. The advantage is that less non-vola- 
tile storage space is required, as the key generation 
seed may require less storage space than the key. 
The correct key is generated in RAM whenever need- 
ed. Since several encoders can be learned to a single 
decoder and the RAM can be used over and over, this 
implementation can be economical. 

This invention can be used in different configur- 
ations to enable a manufacturer to utilise its princi- 
ples, for example, in a vehicle security system, door 
or gate remote control security system or in a system 
to control personnel access to a security area. Differ- 
ent kinds of transmission media can also be used, for 
instance radio, infra red or a physical wire connection. 

BRIEF DESCRIPTION OF THE DRAWINGS 

The invention is further described by way of ex- 55 
ample with reference to the accompanying drawings 
in which: 

Figure 1 is a simplified representation in block di- 



mat detector 32, a decoder 34 having a decoding al- 
gorithm, an integrity checking part 35, a counter value 
synchronization checking unit 36, an output manage- 
ment function 38, counter/storage 40 for a manufac- 
turer's key, a key generation algorithm/ control unit 
42, storage 43 for a management code, storage 44 for 
a decoder key, and counter/storage and error correc- 
tion 46 for counter information. 
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The button encoder 14 is responsive to a plurality 
of buttons 48 which are manually actuable. When a 
button is actuated the encoder 10, as a whole, is ac- 
tivated. The encoder may function in any one of a 
plurality of modes, as will become apparent from the 5 
following description, with the encoder operating 
mode being determined by the button or combination 
of buttons which are actuated. The encoder functions 
are controlled by a controller 49. 

The controller 49 of the encoder controls the en- 1 o 
coder operation. The controller 49 is connected to 
each part of the encoder and senses the operational 
state of each part and provides operational control 
signals to each part to control the operation and func- 
tioning of the encoder as a whole. Encoder com- 15 
mands are received from the external buttons and 
used to initiate operational control signals to the rest 
of the encoder. Control signals can consist of encoder 
mode changes, selection of transmission information, 
and activation of all the different parts as necessary. 20 

The controller 31 of the decoder controls the de- 
coder in a similar fashion to that exerted by the con- 
troller 49 on the encoder. The controller 31 is connect- 
ed to each decoder part it senses the operational 
state of each part of the decoder and provides opera- 25 
tional control signals to each part to control the oper- 
ation and functioning of the decoder as a whole from 
the decoder commands that are received from the for- 
mat detector and mode select input signals. Control 
signals can consist of decoder mode changes, seleo 30 
tion of key generation, storage of information, such as 
keys and serial numbers, integrity checking, syn- 
chronization and counter value storage, and output 
signals. 

The controller 49 may function in either of two 35 
modes, namely a learning mode or a normal operat- 
ing encoding mode. Each mode may be selected, as 
has been indicated, by an appropriate choice of the 
buttons 48, or in any other suitable way specific to the 
application arrangement of the encoder. Once a com- 40 
mand has been entered by the button encoder 14, 
control signals are issued by the controller 49. In the 
normal operating mode, control signals to operate the 
counter/storage and error correction part 16, man- 
agement code storage 1 7, non-linear encoder 1 8, key 45 
storage 22, serial number storage 24 and PWM code 
generator 26 to select and activate the appropriate 
output of each specific part. This ensures that the en- 
coder will function as described more specifically 
hereinafter. 50 

If the encoder is used in a learning mode, the con- 
troller 49 issues control signals to the seed storage 
20, serial number storage 24 and PWM code genera- 
tor 26 to select and activate the appropriate output of 
each specific part. This ensures that the encoder will 55 
function as described more specifically hereinafter. 

The controller 31 of the decoder may function in 
either of two modes, namely a learning mode and a 



normal operating encoding mode. The mode may be 
selected by appropriate internal or external circuitry. 
Internal circuitry can be activated by the normal de- 
tecting and decoding operation as described herein- 
after, to put the decoder in a learning mode. External 
circuitry, such as a push button 110 or other switching 
means, can be used as well. 

In normal operation mode, once the decoder has 
detected a received signal using the format detector 
32, the controller 31 decides on the control signals to 
operate the decoder. Control signals are issued to the 
key generation algorithm/control unit 42, key storage 
44, decoder 34, management storage 43, integrity 
checking 35, counter/storage and error correction 46, 
counter value checking 36 and output management 
38 to select and activate the appropriate output of 
each specific part. This ensures that the encoder will 
function as described more specifically hereinafter. 

If the decoder is used in the learning mode, the 
controller 31 issues commands to the key generation 
algorithm/control unit 42, key storage 44, decoder 34, 
management storage 43, integrity checking 35, coun- 
ter/storage and error correction 46, output manage- 
ment 38 and learning control 100. This ensures that 
the decoder will store the appropriate information and 
function as described more specifically hereinafter. 

In the normal operating mode the counter/stor- 
age and error correction 16 is activated each time the 
encoder 10 is used. Its count is therefore indicative of 
the number of times the encoder is used. The counter 
value is stored in non-volatile memory. The memory 
only operates when power is supplied to the encoder. 
If the counter value is changed and the power discon- 
nected at the same time, it can cause spurious values 
to be stored. For this reason an error correction func- 
tion is included in the counter/ storage and error cor- 
rection 16. The counter information is encoded in the 
non-linear encoder 18 using the user key in the stor- 
age 22. The output of the encoder 18 thus comprises 
variable information which is combined in the gener- 
ator 26 with the serial number from the storage 24. 
The serial number, as has been noted, is associated 
with the encoder. The output of the generator 26 is ap- 
plied to the data transfer interface 11 and transmitted 
to the data transfer interface 13 and decoder 12. The 
serial number can also form part of a unit number 
uniquely to identify an encoder unit. 

It is to be noted that the encoder and the decoder 
may be directly connected, for example by means of 
a wire, or the encoder and decoder may be remote 
from one another and the transmission of information 
may be done by radio signal, optically, at an infra-red 
frequency or in any other suitable way. 

The signal which is received by the decoder 12 
using the data transfer interface 13 is converted to a 
logic signal which, in turn, is converted by the format 
detector 32, to a number which is applied to the de- 
coder 34. The detector may be a pulse width modula- 
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tion code detector. The decoding algorithm of the de- 
coder 34 decodes the variable portion of the number, 
yielding counter and management code information, 
the integrity of which is checked by the part 35 using 
management code information in the storage 43, to 5 
verify the validity of the decoding operation. If it is val- 
id, the unit 36 compares the decoded counter informa- 
tion with counter information held in the storage 46 to 
determine that the decoded number is valid and has 
not been used before. If the reception is valid then the 10 
relevant outputs are activated by the output manage- 
ment function 38. 

In order to implement learning the user places the 
decoder 12 in a learning mode. The encoder 10 is also 
effectively placed in a learning mode by activation of 1 s 
the appropriate buttons 48. In this case the key gen- 
eration seed held in the storage 20 is applied together 
with the serial number in the storage 24 to the gener- 
ator 26. It is to be noted that the key generation seed 
is only used during the learning operation. The whole 20 
operation of the decoder is controlled by the control- 
ler 31. 

The data transfer interface 11 thus transmits in- 
formation on the key generation seed and the serial 
number to the decoder 12. The data transfer interface 25 
1 3 receives this information which is then detected by 
the detector 32 and passed to the key generation unit 
42. This unit calculates a decoder key based on the 
incoming key generation seed and the manufactur- 
er's key which is held in the storage 40. The newly 30 
generated decoder key is stored in the location 44 and 
can be used for any future decoding operations, act- 
ing on the decoding algorithm of the decoder 34. 

The key generation algorithm that is used in the 
key generation unit 42 during the secure learning op- 35 
eration is usually a non-linear algorithm. This algo- 
rithm accepts as input the manufacturer's key 40 (not 
shown) and key generation information. The key gen- 
eration information can consist of the encoder serial 
number 24 or the seed 20 or both. The key generation 40 
information may be used to modify or augment the 
manufacturer's key stored in the decoder before the 
new key is calculated. Alternatively, the decoder may 
not have a manufacturer's key at all, and may derive 
the decoding key solely from the key generation infor- 45 
mation transmitted by the encoder, or use that key 
generation information directly as a decoding key. 
This information is transferred from the encoder in a 
learning operation to the decoder. 

The decoder 12 uses the key generation algo- so 
rithm to generate a key, held in the storage 44, that is 
used to decode a normal code hopping transmission. 
The security of this mechanism arises from the fact 
that the relationship between the transmitted seed 
and the decoding key is not known, rendering any kind 55 
of interception of the transmission pointless. The non- 
linear key generation function also makes it impossi- 
ble to establish any relationship between the key and 



the key generation information, and thus an illegiti- 
mate encoder cannot be produced. The key 22, serial 
number 24 and randomly generated seed 20 of an en- 
coder 10 are loaded during the manufacturing proc- 
ess. The manufacturer generates the key using the 
seed, serial number, manufacturer's key and key gen- 
eration algorithm. The key generation algorithm is not 
made known publicly. Because the seed is a random 
number, and the serial number is also used in this 
process the possibility of manufacturing two encod- 
ers with the same keys is very slim. 

The verification of the learning process is effect- 
ed as follows. The user presses the appropriate but- 
ton 48 for normal operation of the encoder 10, thereby 
causing the transmission of the variable code which 
is produced by the non-linear encoder 18, and of the 
serial number held in the storage 24. The newly gen- 
erated decoder key in the storage 44 is used to de- 
code the incoming code in the decoding algorithm of 
the decoder 34. The management code information 
which is thereby produced, is used to verify the val- 
idity of the decoding operation by comparing it to the 
management code in the storage 43. The incoming 
counter information is stored in the relevant storage 
location 46. An error correction function is included in 
the unit 46 to ensure that if spurious data is stored 
during a power failure, the correct data can be recov- 
ered as soon as power is restored to the decoder. 

The user then activates the encoder 10 again. 
Once more the resulting variable code and the serial 
number are received by the data transfer interface 1 3. 
The variable code is decoded by the decoding algo- 
rithm of the decoder 34, using the newly generated 
decoder key. The counter information which results 
from this transmission is checked against the counter 
information held in the storage location 46. If the com- 
parison indicates that the two variable code transmis- 
sions were successive then it is assumed that the 
learning process has been valid and the decoder is 
taken out of the learning mode. The system may now 
be used for normal operation. 

A special relationship exists between the key 
generation seed in the storage 20 and the user key 
held in the storage 22. This relationship is dependent 
on the manufacturer's key held in the storage 40. The 
manufacturer's key is however not programmed into 
the encoder but, instead, is used in a production line 
programming unit which programs corresponding key 
generation seeds and user keys into respective en- 
coders. The manufacturer's key is, on the other hand, 
wholly or partially programmed into each decoder and 
is used during learning, in the manner described, to 
calculate the correct decoder key, which is then held 
in the storage location 44, from the received key gen- 
eration seed. 

The calculation of the decoder key may involve 
augmentation or modification of the manufacturer's 
key from the key generation information. Alternative- 



10 



m 

19 



EP0 688 929 A2 



20 



ly, the decoder may not have a manufacturer's key at 
all, and may derive the decoding key solely from the 
key generation information transmitted by the encod- 
er, or use that key generation information directly as 
a decoding key. 

In a variation of the learning process the serial 
number which is held in the storage 24 is used by the 
key generation unit 42 to generate the decoder key. 
In this case there is no need for the encoder to have 
the capability of transferring the key generation seed. 
Further, a special relationship exists between the ser- 
ial number and the user key, rather than between the 
key generation seed and the user key. 

The serial number is present in each transmis- 
sion. Thus the encoder from which a transmission 
originates can be identified even though an outsider 
cannot gain access to the information contained in the 
transmission. The serial number can be used to iden- 
tify several encoders in a single system making it pos- 
sible to accommodate several distinct encoders in a 
single decoder system. 

Functional Description 

The following description, based on Figures 2 to 
5 of the accompanying drawings, is made with refer- 
ence to a practical form of the control system of the 
invention which embodies the general principles 
which have been described in connection with Figure 
1. 

Where applicable similar reference numerals to 
those employed in Figure 1 are used in Figures 2 to 
5 to indicate like components. 

Figure 2 depicts an implementation of a code 
hopping remote control transmitter comprising an en- 
coder 10, buttons 48, a controller 49, a power supply 
50 and a data transfer interface 11, which may all be 
housed in a protective housing, which is fitted with a 
keyring to enable the user to transport the transmitter 
conveniently. The buttons 48 may be push button 
switches, for activation by remote control of the vari- 
ous functions of the security system, and possibly for 
the supply of power, from the power supply 50, which 
may be a battery, to the entire transmitter. 

All the elements shown in the block diagram, 
apart from the power supply 50, the button switches 
48 and the data transfer interface 11, can be imple- 
mented in a single integrated circuit. An application- 
specific integrated circuit is the preferred implemen- 
tation in order to make reverse engineering as diffi- 
cult as possible. Reverse engineering poses a secur- 
ity risk in security systems, as full access to algo- 
rithms and stored information is provided by this proc- 
ess. 

The encoder 10 includes a button encoder 14 for 
encoding information regarding the buttons 48 which 
are pressed and outputs encoded information 52 
which is used for controlling the operation of the en- 



coder using the controller 49 as well as other parts, 
and which may be encoded as a "function request* to 
determine the functions to be activated by the decod- 
er 12. The controlling functions include selecting the 

5 mode of operation of the serial code generator 26, 
and selecting the virtual encoder to be emulated. 
(The meaning of the phrase "virtual encoder" will be- 
come apparent from the following description). A 
function request can activate one of several outputs 

w on the decoder. A typical application would be in a ve- 
hicle security system, where different decoder out- 
puts could be used to disarm an immobiliser, arm an 
alarm, disarm the alarm and operate electric windows 
of the vehicle. 

15 As an example of the button encoder 14, if a num- 
ber, b, of buttons are used to activate the encoder, the 
button encoding function encodes the value b to dis- 
tinguishable values that are passed to the internal cir- 
cuitry of the encoder. Pressing two buttons at the 

20 same time can for instance initiate the generation by 
the button encoder 14 of a distinguishable value that 
activates the encoder to transfer encoder related in- 
formation. If either one of the same two buttons is 
used separately, a totally different value is generated 

25 by the button encoder 14, resulting in the selection 
and transfer of different information. This means that 
with b buttons, 2 b different functions can be distin- 
guished and selected. The button encoder 14 can 
also be used to set the encoder in a learning mode by 

30 programming the encoding function to output a pre- 
determined value which can be presented if any one 
or a combination of buttons are pressed. 

A section of non-volatile memory 54 is used to 
store a plurality of parameter sets 56A. 56N. 

35 Each parameter set consists of a fixed key generation 
seed 60 which corresponds to the seed held in the 
storage 20 of Figure 1 , a serial number 62 which cor- 
responds to the serial number held in the storage 24 
of Figure 1 , an encoding or user key 64 which corre- 

40 sponds to the user key held in the storage location 22, 
counter and error correction information 66 which in- 
cludes the counter information held in the coun- 
ter/storage and error correction 16, and a manage- 
ment code 68 corresponding to that held in the stor- 

45 age 17. 

As has been noted provision is made for the stor- 
age of several parameter sets 56. Each parameter set 
is associated with what is termed herein a "virtual en- 
coder", for the encoder can act as any one of different 

50 virtual encoders, depending on which buttons 46 are 
pressed. 

The counter/storage and error correction 16 is 
updated each time the encoder is actuated. When 
several parameter sets are used, however, only the 
55 counter information in a particular parameter set is 
updated each time the corresponding virtual encoder 
is used. 

A specific encoder can either use a single stored 
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parameter set 56 along with various function re- 
quests, or different parameter sets with similar or dif- 
ferent function requests. Typically, different parame- 
ter sets will be used if several different decoders are 
to be accessed. Several functions might be accessi- 5 
ble on eacn of these decoders. Asingle encoder might 
then be configured to access all the decoders, using 
different parameter sets, and be able to combine dif- 
ferent function requests with each of the parameter 
sets. 10 

The serial number 62 is unique to a particular vir- 
tual encoder, and is encoded with each emission from 
that particular virtual encoder. The encoding or user 
key 64 is a number, unique to a specif ic virtual encod- 
er, that is used to encode the transmission in such a 15 
way that the original encoded information cannot be 
retrieved by an outsider. The management code 68 
consists of information about the status of the partic- 
ular virtual encoder, and may include sections with 
predefined values for checking the integrity of decod- 20 
ing operations in the decoder. The counter and error 
correction information 66 is the count of a 16 bit coun- 
ter, used for keeping track of the synchronisation be- 
tween the encoder and the decoder and error correct- 
ed if a spurious error occurs during a storage opera- 25 
tion. The counter is altered each time the virtual en- 
coder is operated. The key generation seed 60 is a 
number which, as has been noted with reference to 
Figure 1 , bears a specific relationship to the encoding 
key 64. While the key is re ad- protected, the seed 60 30 
is not necessarily inaccessible. However, the relation- 
ship between the two is sufficiently obscure that an 
outsider will not be able to infer the key from the value 
of the seed. 

Means 61 can also be included permanently to 35 
disable transmission of the seed 60 after learning has 
been completed. The disabling means can be activat- 
ed automatically (e.g. when a predetermined number 
of transmissions have passed) or by a conscious ac- 
tion of the user, including but not limited to, a specific 40 
combination of inputs. 

The non-volatile memory 54 is read-protected to 
prevent scrutiny of the encoding keys 64 from out- 
side. Access to the keys, or to the serial number 62, 
the seed 60 and the manufacturer's key in the storage 45 
40, could enable an outsider to program a similar en- 
coder with an identical key and gain access to the sys- 
tem. 

The encoder includes a non-linear encoder 18 
which uses a user key 64 to encode an input string. 50 
The key length should be sufficient to ensure reason- 
able immunity against analytical attacks, considering 
the state of the art in computer technology. A key 
length of 64 bits is considered adequate for security 
and access control systems. The use of longer keys 55 
has adverse cost implications, while shorter keys pro- 
vide reduced security levels. The length of the output 
string 70 of the non-linear encoding algorithm deter- 



mines the number of bits encoded by the encoder. A 
32 bit output string provides a good balance between 
security and response time at typical remote control 
transmission rates. The input string to the encoding 
algorithm is 32 bits and contains function information 
52 from the button encoder 14 (4 bits), the counter in- 
formation 66 (16 bits) and the management code 68 
(12 bits), specific to the encoder being activated. The 
management code can contain system status infor- 
mation, including low battery voltage indicators and 
mode selections. 

A serial code generator 26 is used to assemble 
the code to be emitted. The code consists of either a 
combination of the 32 bit encoded string 70 produced 
by the non-linear encoder 1 8 and the serial number 62 
of the encoder, or of a fixed key generation seed 60 
and the serial number 62. The code generator 26 also 
implements the modulation scheme required for 
transmission by the data transfer interface 11 which 
in this case is pulse width modulation (PWM). 

The output 72 of the serial code generator 26 is 
emitted by the interface 11 using electromagnetic or 
other means. The data transfer interface 28 can be 
replaced by a direct connection in the case where re- 
mote operation is not required. 

The encoder includes a status monitor 74 which 
can alter parts, for example status information, of the 
management code 68 in a particular memory block, 
depending on selected options and conditions exist- 
ing in the encoder. These changes can be detected in 
the decoder to provide feedback on imminent encod- 
er problems, for example a fiat battery. The status as- 
pects which are monitored are selected via an options 
register 76. 

The options are programmed in the encoder in 
the options register 76 that forms part of the non-vol- 
atile memory. The status monitor 74 selects different 
encoder status according to the options programmed 
in the options register 76. A specific predetermined 
option may indicate for instance a low battery voltage. 
The same value is programmed in the decoder to 
sense the low battery voltage indication in a transmis- 
sion for indication to the user. The programmed op- 
tions and the selected status monitor 74 are activat- 
ed, when an encoder is activated. The predetermined 
value is substituted in part of the management code 
68 before encoding and transferring the information. 
The options, when selected and transferred, are 
sensed by the decoder after decod ing so that the pro- 
grammed action can be taken. 

Figure 3 depicts an implementation of a learning 
code hopping access control decoder 12. 

A data transfer interface 13 converts the electro- 
magnetic or other signals used for transmission of the 
signal from the data transfer interface 11 into a base- 
band logic signal 78 still modulated according to the 
modulation scheme implemented by the serial code 
generator 26. 
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The decoder includes a detector 32 which has 
means for compensating for differences in transmis- 
sion length due to timing differences between the en- 
coder and the decoder 

The detector 32 extracts a 32 bit variable number 5 
80 from the signal 78 and applies it to a decoding al- 
gorithm 34 which decodes the variable number, using 
a 64 bit decoder key 82 stored in a non-volatile mem- 
ory 84. If a valid decoding process has taken place the 
resultant 32 bit code 86 contains the information in- 10 
serted into the non-linear encoding algorithm of the 
encoder 18 before encoding. 

The decoder includes an integrity checking unit 
35 to verify the validity of the decoding process. For 
a valid decoding there is a predetermined relationship 15 
between a stored management code 90, which corre- 
sponds to that held in the storage 43 of Figure 1, and 
the corresponding portion of the decoded 32 bit word 
86. 

The decoder key 82 corresponds to the decoder 20 
key held in the storage location 44 of the decoder 12 
of Figure 1. 

A synchronization checking unit 36 verifies the 
validity of a transmission by comparing incoming 
counter information 92, produced by the integrity 25 
checking unit 35, with stored counter information 94 
for the relevant encoder. The counter information 94 
corresponds to the information held in the storage lo- 
cation 46 of the decoder 12 of Figure 1 and includes 
an error correction function to ensure that the value 30 
of the counter is corrected when a spurious error is 
stored during a power failure. 

An output management unit 38 manages the ac- 
tivation of, or communication with, other devices in 
the system. The unit 38 provides an indication of 35 
which of several functions is or are desired, whether 
the encoder 10 has ceased encoding and whether 
any special options are being requested. An indica- 
tion of the identity of the encoder, from which the re- 
ceived signal originated, may also be made available. 40 
The unit 38 also makes use of storage space in the 
non-volatile memory 84 to manage options, deter- 
mined by an option control unit 96, which may influ- 
ence the format in which output signals 98, which are 
produced by the unit, are presented, or may enable or 45 
disable specific system features. 

A learning control unit 100 manages the learning 
process by passing appropriate instructions to the de- 
tector 32, the decoding algorithm of the decoder 34, 
the integrity checking unit 35, the synchronisation 50 
checking unit 36 and a key address management unit 
102. The unit 100 can be placed into the learning 
mode from outside the decoder, or special output 
combinations can be used to place the decoder in the 
learning mode, by passing the relevant signal from 55 
the management control unit 38 to the learning con- 
trol unit 100. Typically a single memory block is re- 
served for this purpose. The decoder, including the 



learning control 100, is controlled by a controller 31. 

A parameter set 56 of a designated encoder, re- 
ferred to as a master encoder, is stored in this re- 
served memory block. When the master encoder is 
activated the output function control unit 38 sends a 
control signal to the unit 100 thereby placing the de- 
coder 12 in the learning mode. 

The non-volatile memory 84 makes provision for 
the storage of a plurality of parameter sets 

102A 102N which correspond to the parameter 

sets 56A 56N in the encoder. Each parameter 

set includes a serial number 104 which corresponds 
to the serial number 62 of the corresponding encoder, 
and the associated decoder key 82, management 
code 90 and counter information 94. A manufacturer's 
key 106, corresponding to the information held in the 
storage location 40 of Figure 1, is also stored in the 
memory 84 for use during learning operations. 

An alternative embodiment of the decoder may 
also include provision to augment or modify the man- 
ufacturer's key 40 during learning with part or all of 
the key generation seed. Alternatively, the decoder 
may not have a manufacturer's key at all, and may de- 
rive the decoding key solely from the key generation 
information transmitted by the encoder, or use that 
key generation information directly as a decoding 
key. 

The key address management unit 102 manages 
the passage of information to and from the non-vola- 
tile memory 84. The key address management unit 
can be implemented in hardware or in software or in 
a combination thereof. This unit selects the memory 
bank to be used with each memory bank being capa- 
ble of storing a single parameter set. A pointer is also 
maintained in a memory segment 108 indicating the 
next memory bank to be used for learning operations. 

During learning operations a key generation unit 
42 generates a decoding key 82 for the new encoder 
and transfers it to the relevant memory location for 
the respective parameter set 1 02. A non-linear encod- 
ed algorithm of a similar level of complexity to the 
code hopping algorithm is used to ensure that the re- 
lationship between the key generation seed and the 
encoding or decoding key 82 is as obscure as possi- 
ble. 

Figure 5 contains a representation of a encoder 
parameter set 56 and a decoder parameter set 102 
and includes a summary of the contents of each para- 
meter set. 

Operational Description of the Encoder 

When the user presses a button 48 to activate the 
encoder 10, the button encoding unit 14 determines 
which button or combination of buttons has been 
pressed and generates the 4 bit function code 52 to- 
gether with a combination of control signals. The con- 
trol signals determine from which memory block the 
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relevant parameter set will be taken and whether the 
transmission should consist of a hopping code or a 
fixed code. 

The buttons 48 may be replaced by a system that 
can command the encoder electrically. The command 5 
can be generated, for instance, by a computer or other 
equipment, using a special command interface. The 
power of the encoder may also be supplied by the 
command interface. 

In another application the encoder and decoder 10 
combination can be used for authentication and ac- 
cess control purposes. The encoder can be housed in 
a token or smart card that a person can carry and use 
to access, for instance, a security area. The commu- 
nication takes place on an electrical interface. In this 15 
case bi-directional communication is used to commu- 
nicate information between an encoder and a decod- 
er. The serial number 62 of the encoder is transferred 
to the decoder to establish the key 82 to be used in 
the decoding process. A value is presented as an in- 20 
put value to the encoder by the decoder, known as a 
challenge. The encoder encodes the challenge value 
and returns the encoded value to the decoder. The 
decoder now decodes the encoded value and com- 
pares it with the challenge value to establish the au- 25 
thenticity of the encoder and activate an output ac- 
cordingly. This technique is generally known as IFF 
(identification friend or foe). In this application, the 
seed 60 of the encoder can be transferred to a decod- 
er in learning mode. The key (82) can be generated 30 
and stored in the decoder as described herein. 

The ability to employ more than one parameter 
set for an encoder enables the encoder to address 
more than one decoder without interference, even if 
a single operating frequency is shared. The encoder 35 
appears to be a chosen one of several independent 
encoders, each of which is capable of independent 
operation, hence the phrase "virtual encoder". Clear- 
ly the encoders are not capable of simultaneous op- 
eration. For hopping code operation the non-linear 40 
encoding algorithm of the encoder 18 uses the re- 
spective encoding key 64 to encode the counter infor- 
mation 66 and the management code 68 together with 
the 4 bit function code 52. The 32 bit output code 70 
is presented to the serial code generator 26. The 45 
counter information 66 is altered each time a trans- 
mission takes place for the respective virtual encoder. 
The serial code generator 26 appends the relevant 
encoder's serial number 62 to the encoded part there- 
by forming a single output code 72 which is presented 50 
to the input of the data transfer interface 11 in PWM 
serial form (in this example). 

For fixed code operation the key generation seed 
60 is presented directly to the serial code generator 
26 which presents the code, together with the serial 55 
number 62, in PWM serial form to the data transfer in- 
terface 11. 

Means can also be included to permanently dis- 



able transmission of the seed 60 after learning has 
been completed. The disabling means can be activat- 
ed automatically (e.g. when the encoder has been 
used for a predetermined number of transmissions) or 
by a conscious action of the user including, but not 
limited to, a specific combination of inputs. The dis- 
abling means may take on any suitable form and may 
be a switch 61, activated as described, which inter- 
rupts data flow from the seed 60 to the generator 26. 
Alternatively the control 49, in response to a manual 
or other input, can be used to inhibit data transfer 
from the seed to the generator 26. The control could 
also be used to activate the switch 61. 

In both modes of operation the data transfer in- 
terface 11 transmits the information from the serial 
code generator using electromagnetic or other 
means. 

Operational Description - Decoder normal operation 

Signals received by the data transfer interface 13 
are converted to the logic signal 78, still in PWM form. 
The format detector 32 monitors the logic signal 78 
and when the initial portion of an apparently valid sig- 
nal is observed the detector calibrates itself on the in- 
coming signal to compensate for deviations from 
nominal timing. The remainder of the incoming signal 
is received and converted to a number which, in this 
example, is a 64 bit binary number. 

The first 32 bits of the detector output, i.e. the 
hopping code, are designated 80 and are presented 
to the decoding algorithm of the decoder 34. The last 
32 bits i.e. the serial number, are presented to the key 
address management unit 102. This unit determines 
the memory block to be used by comparing the re- 
ceived serial number with the stored serial numbers 
1 04 until a match is found. The decoding algorithm 34 
uses the decoder key 82 from the correct memory 
block i.e. the respective parameter set, to decode the 
hopping code 80. A 32 bit output 86 is presented to the 
integrity checking unit 88. This 32 bit string comprises 
the original 4 bit function code 52, 16 bits of counter 
information 66 and the 12 bit management code 68. 
The integrity checking unit 35 checks for a predeter- 
mined relationship between the decoded manage- 
ment code 68, in the decoded word 86 and the stored 
version 90. If a defined relationship exists the decod- 
ing is held to have been valid. 

The decoded counter 66 is compared with the 
stored counter 94 held in the respective parameter 
set. If the synchronisation proves that the transmis- 
sion is valid the stored value 94 is updated and the 
output control function unit 38 is advised accordingly. 

The unit 38 outputs the decoded function infor- 
mation 98. The unit may make the information avail- 
able in serial format for use by an external controller 
or may have discrete outputs to indicate any of a num- 
ber of different conditions. The identity of the encoder 
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being decoded that can be included as part of the 
management code, a valid signal indicator, and a sec- 
ond function mode, are all examples of useful output 
information 98. 

5 

Operational Description - Decoder Learning 
Operation 

Learning operation takes place when the user 
wishes to add a new encoder to the system. The 10 
learning control unit 1 00 then receives an input signal 
prompting it to enter the learning mode. The signal 
may be in the form of an instruction from outside e.g. 
generated by a switch or may emanate from the out- 
put function control unit 38 after reception of a valid 1 s 
code, as has been described hereinbefore. 

The user now activates the encoder 10 as a fixed 
code encoder using a specific learning hardware con- 
figuration. The key generation seed 60 is substituted 
for the variable code portion of the transmission and 20 
the serial number 62 is retained as the remainder of 
the encoded code. 

The resultant signal, emitted by the data transfer 
interface 11 , is received by the data transfer interface 
1 3. The format detector 32 passes the entire received 25 
transmission 78 to the key address management unit 
1 02. Thus the signal presented to the unit 102 is a 64 
bit string. The unit 102 deviates from its normal func- 
tioning in the learning mode and generates a decod- 
ing key 82 from one or more of the serial numbers, the 30 
received key generation seed and the manufacturer's 
key 106. The key generation seed or serial number 
may be used to vary the manufacturer's key 106 be- 
fore the decoding key is generated. The manufactur- 
er's key may be modified, or augmented, in any suit- 35 
able way using the seed or serial number or both. This 
key is written into one of the memory blocks depend- 
ing on the value of a pointer used specifically for this 
purpose and held in the memory block 1 08. The re- 
ceived serial number 104 is stored in the relevant 40 
memory block associated with the respective para- 
meter set The next learning pointer can be managed 
according to a variety of different schemes. Options 
include, inter alia, cycling the pointer through the 
available memory locations and allowing the user to 45 
set the pointer from outside. 

From a security point of view a key generation al- 
gorithm, of the kind carried out by the unit 42, should 
only be implemented in an application-specific inte- 
grated circuit as a generic logic device, such as a mi- so 
cro processor, is readily reverse engineered, leaving 
the algorithm open to public scrutiny. 

The user now activates the encoder twice in the 
code hopping mode. During the first transmission the 
64 bit code is received by the data transfer interface 55 
1 3 and detected by the detector 32. The decoding al- 
gorithm of the decoder 34 decodes the 32 bit variable 
code 80 using the newly generated decoder key 82 



and stores the decoded management code 90 in the 
correct location. The decoded counter information 94 
is also stored in the correct location. 

During the second transmission the received sig- 
nal is detected by the detector 32 and the serial num- 
ber is passed to the key address management unit 
102 where it is compared with the newly stored serial 
number 104. In addition the 32 bit variable code 80 is 
decoded by the decoding algorithm 34. The integrity 
checking unit 88 checks the decoded management 
code against the stored version 90 and the synchron- 
isation checking unit 36 checks the decoded counter 
information against the stored version 94. If any of 
these checks is unsuccessful the learning operation 
is rejected. If they are all successful the next learning 
pointer in the storage location 108 is altered to indi- 
cate that the next memory block is available for learn- 
ing. 

The learning process may also include a routine 
to learn a specific combination of outputs for use with 
a specific encoder. For example a specific user may 
require special priority in a specific system and this 
priority can be assigned during such a routine. 

Once the entire learning operation has been suc- 
cessfully concluded the user should activate the en- 
coder once more to verify that the encoder is operat- 
ing correctly. 

Decoder Operation - Alternative Key Management 
Scheme 

The system as it has been described thus far 
makes use of stored keys 82 in the decoder to decode 
incoming transmissions. An alternative arrangement 
for learning systems is to store only the key genera- 
tion seed, instead of the full key, in the location allo- 
cated for the key 82. During decoding operations the 
correct key is generated from the associated key gen- 
eration seed and the manufacturer's key 106. The ad- 
vantage is that less non-volatile storage space is re- 
quired as the key generation seed typically requires 
less storage space than the key. The correct key is 
generated in RAM whenever needed. 

Learning Algorithm 

Figures 4a and 4b are flow charts of the learning 
algorithm embodied in the decoder. Referring to Fig- 
ure 4a, once the learning mode has been established 
as described previously, the key generation seed 
(stage 150) and the hopping code (stage 152) are re- 
ceived by the decoder. At a stage 1 54 a relational 
counter (in the key generation unit 42) is initialized, 
and set to zero. The relational counter is used to allow 
for more than one relationship between the key gen- 
eration seed, the encoder serial number and the key 
for the encoder, or between the encoder serial num- 
ber and the key for the encoder. 
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The relational counter 154 is used at a stage 156 
to compose a modified seed for the key generation al- 
gorithm which is a non-linear algorithm using at least 
the key generation seed as an input. The key gener- 
ation seed may be used to vary, e.g. modify or aug- 5 
ment, the manufacturer's key 106 before each learn- 
ing operation (stage 157). Alternatively, the incoming 
seed can be used, in its original or a modified form, 
exclusively (i.e. without a manufacturer's key) as a 
decoding key. Thus, as is shown in Figure 1 , referring 10 
to the decoder, a control signal from the format detec- 
tor 32 can be applied to the storage 40, to modify the 
manufacturer's key before the fresh decoding key is 
generated. On the other hand the storage 40 and the 
key generation unit 42 can be dispensed with so that is 
the incoming information is supplied to the storage 
44, as is indicated by a dotted data transfer line, and 
held in the storage 44 for use as the fresh key. It is 
apparent that, referring to Figure 4a, and depending 
on the embodiment of the invention, the stage 157 is 20 
optional. Also, if the incoming information is to be 
used directly as the fresh key, the stage 158 is dis- 
pensed with. This variation is also shown in Figure 3 
where an optional data transfer link extends from the 
detector 32 to the intermediate storage for the key 25 
106. In addition, as has been explained the unit 42 
and the intermediate storage for the key 106 can be 
removed, or inhibited. In this case the incoming data 
is directly transferred from the detector 32 to the stor- 
age for the key 82. The integrity of the decoding op- 30 
eration is checked at a stage 164 to decide if the de- 
coding operation is valid. If valid, the flow proceeds to 
stage 1 70. If it is not valid, it is decided if the operation 
should carry on or not at a stage 166. If the operation 
should carry on, the relational counter 154 is incre- 35 
mented (stage 168) to establish a new relationship 
that may be valid. 

The learning process terminates at a stage 172 if 
all valid relationships between the key generation 
seed and the serial number have been used and a val- 40 
id relationship (stage 166) has not been found. 

The probability of accidentally accepting an inval- 
id encoder during learning is related to the number of 
predefined bits within the encoded management 
code. Since no more than 12 bits are available in the 45 
implementation under discussion the best integrity is 
in the order of 1 in 4000. This level is regarded as in- 
adequate for security systems. The integrity can be 
improved either by increasing the length of the known 
component of the management code or by imple- so 
menting a checking algorithm based on a second 
transmission (stage 176 in Figure 4b) from the encod- 
er being learned. Longer code lengths have disad- 
vantages such as higher implementation cost and 
longer response times. Using a second transmission 55 
increases the certainty of the integrity checking by 
many orders of magnitude without affecting the sys- 
tem cost or the response time. 



The second part of the flow chart implements this 
technique, as described with reference to Figure 4b. 
If the decoding function is performed and found valid 
(stage 170), a decoded counter value is stored (stage 
1 74). At stage 1 76 a second hopping code is received. 
This code is decoded (stage 178) and the decoded 
management code verified (stage 180) with the stor- 
ed management code. If the values do not match the 
learning process is accepted as invalid and aborted. 
Next, the counter value is verified at stage 182 with 
the stored counter value. If the values do not match, 
the transmission is accepted as an invalid and illegit- 
imate learn operation, and aborted. If the counter val- 
ues match, a valid learn operation is accepted (stage 
184). If the counters do not match, as with normal 
code hopping system operations, some leeway may 
be allowed in the counter synchronization checking 
(stage 182) to allow for interim transmissions that 
may not have been decoded by the decoder, and can 
be accepted as if they match and are regarded as val- 
id. 

At the stage 184 it is assumed that a valid learn- 
ing process has been completed. The next learning 
pointer (reference 108 in Figure 3) is updated at stage 
186 to point to the next available learning position. 
Output configuration learning associated with a par- 
ticular encoder can be included at a stage 188 if re- 
quired. At a stage 1 90 the learning cycle is completed. 

Obviously, numerous modifications and varia- 
tions of the present invention are possible in the light 
of the preceding teachings. For example, the encoder 
part 10 is implemented on an application specific in- 
tegrated circuit (ASIC). Part of the circuit is made up 
of non-volatile memory that is used to store the dif- 
ferent changing and programmable values, such as 
the parameter sets 56 and options 76. Although this 
method of implementation is used to ensure the se- 
curity and practical aspects of the system, it can be 
implemented in software in a computer or a micropro- 
cessor controller. The same approach is used with the 
decoder 12. The functions and memory parts are im- 
plemented on an ASIC, but can also be implemented 
on a computer or microprocessor controller. This im- 
plementation may be preferable at the decoder, as the 
decoder may be required to store a large amount of 
information to allow many users to access the sys- 
tem. It is therefore understood that within the scope 
of the appended claims, the invention may be prac- 
tised otherwise than as specifically described herein. 



Claims 

1. A method of operating an encoder which includes 
the steps of : 
storing a serial number 
storing at least one of the following: 
a seed; 
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a key; and 

a derivative of the key; and 
transferring key generation information which in- 
cludes at least one of the following: 

the seed; 

the key; 

the derivative of the key; 

the serial number; and 

information derived from applying the key 



a first key; and 

a derivative of the first key; and 
using the encoder to transfer a signal which in- 
cludes key generation information which includes 
at least one of: 

the seed; 

the serial number; and 

information derived from applying the first 



key or the derivative of the first key and an algo- 
rithm to an input value; 

and, at the decoder, 
receiving the transferred signal; and 
5 extracting the key generation information from 

the received signal. 

7. A method according to claim 6 which includes the 
steps of: 

using a plurality of encoders; 
activating a selected encoder using a com- 
mand; 

transferring a signal which contains the 
key generation information associated with the 
selected encoder and 

at the decoder, storing a plurality of parameter 
sets, each parameter set being associated with a 
respective encoder and including information se- 
lected at least from: 

a respective serial number; 
a respective management code; and 
a respective counter value; 
receiving the said transferred signal, and 
generating a respective second key, associated 
with a selected parameter set, using at least one 
of the following: 

a manufacturer's key; and 
the key generation information contained 
in the said received signal. 

8. Amethod according to claim 6 or 7 which includes 
the step of stopping the transferring of the signal 
which includes the key generation information af- 
ter such transferring has taken place one or a 
number of times. 

9. An encoder (10) which includes: 
means (24) for storing a serial number, 
means (20, 22) for storing at least one of the fol- 
lowing: 

a seed; 
a key; and 

a derivative of the key; and 
means (26, 11) for transferring key generation in- 
formation which includes at least one of the fol- 
lowing: 

the seed; 
the key; 

the derivative of the key; 
the serial number; and 
information derived from applying the key 
or the derivative of the key and an algorithm to an 
input value. 

55 1 0. A decoder (1 2) which includes; 

means (13) for receiving a signal which contains 

key generation information; and 

means (32, 34) for extracting key generation in- 



or the derivative of the key and an algorithm to an 10 
input value. 

2. A method according to claim 1 wherein the said 
key is generated using at least one of the follow- 
ing: 15 

a manufacturer's key; 
the seed; 
the key; 

the derivative of the key; and 

the serial number; 20 
and wherein the input value includes at least one 
of the following: 

a management code; 

a counter value; and 

information relating to a command. 25 

3. A method according to claim 1 or 2 which includes 
the step of stopping the transferring of the key 
generation information after such transferring 
has taken place one or a number of times. 30 

4. A method of operating a decoder which includes 
the steps of: 

receiving a signal which contains key generation 
information; and 35 
extracting key generation information from the 
received signal. 

5. A method according to claim 4 which includes the 
steps of generating a second key using at least 40 
one of the following: 

the key generation information; and 
a manufacturer's key. 

6. A method of operating an access control system 45 
which includes an encoder and a decoder, the 
method including the steps of: 
storing a serial number; 
storing at least one of the following: 

a seed; 50 
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formation from the received signal. 

11. Adecoder according to claim 10 wherein the key 
generation information includes at least one of 

the following: 5 
a seed; 
a first key; 

a derivative of the first key; 
a serial number; and 

encoded information derived from apply- 10 
ing the first key or the derivative of the first key 
and an algorithm to an input value; 
and which includes means (40, 42) for generating 
a second key using at least one of the following: 

the key generation information; and 15 

a manufacturer's key. 

12. Adecoder according to claim 10 or 11 which in- 
cludes means (54) for storing a plurality of para- 
meter sets, each respective parameter set includ- 20 
ing at least one of the following: 

a respective serial number; 
a respective seed; 
a respective key; and 

a respective derived key. 25 

13. An access control system which includes an en- 
coder (10) and a decoder (12), the encoder in- 
cluding: 

means (24) for storing a serial number; 30 
means (20, 22) for storing at least one of the fol- 
lowing: 

a seed; 

a first key; and 

a derivative of the first key; and 35 
means (26, 11) for transferring a signal which in- 
cludes key generation information which includes 
at least one of the following: 

the seed; 

the first key; 40 

the derivative of the first key; 

the serial number; and 

information derived from applying the first 
key or the derivative of the first key and an algo- 
rithm to an input value; 45 
the decoder (12) including: 
means (13) for receiving the transferred signal; 
and 

means (32,34) for extracting the key generation 
information from the received signal. 50 

14. An encoder adapted for use with a decoder which 
decrypts signals from the encoder using a de- 
cryption key, the encoder being operable to 
transmit key generation information to the decod- 55 
er which the decoder can use to learn a new de- 
cryption key. 
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Figure 4b 
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